Linux Kernel Nexthop Data-Race Vulnerability

Vulnerability

A data-race vulnerability has been identified in the Linux kernel's nexthop component. The issue arises because the 'nexthop_compat_mode' variable can be changed concurrently while it is being read. This vulnerability affects several versions of the Linux kernel. To address this issue, the 'READ_ONCE()' function needs to be added to the readers of 'nexthop_compat_mode' to ensure safe access.

Impact

Exploitation of this vulnerability can lead to data inconsistency issues, where concurrent reads and writes to 'nexthop_compat_mode' could cause unexpected behavior in the nexthop functionality.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Nexthop Data-Race Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating